10/6/2022: $500M+ was Stolen on BSC
Hacker stole 2M BNB tokens from the BSC Token Hub
Today was a very calm and light news day. I was about to write a boring story about Costco’s impressive September sales and waited for tomorrow’s job report. When I was about to fall asleep at my desk writing about Costco, some crazy crypto news happened!! About 3 hours ago, BSC (Binance Smart Chain) halted their chain. Apparently, 2M BNB tokens (or ~$550M USD) were stolen from BSC Token hub through some cross chain minting mechanism. At first, people were very confused why a crypto whale is acting crazy by swapping out and borrowing an insane amount of money on the BSC chain. But apparently this one day old crypto whale stole 2M BNB through a clever hack. I don’t fully understand the whole mechanism as it’s quite technical but this twitter thread explains how this hacker was able to trick the BSC Token hub to send them 2M BNB. It sounded like the hacker was able to fake a proof of deposit and withdraw the funds from the token hub.
The BSC chain is now halted due to this $500M hack. The hacker’s wallet address has been blacklisted by USDT. As illustrated above, about $100M of funds are bridged over to other chains. I suppose we can assume that $100M is lost. It does sound like the Binance team /BSC chain might do something to prevent the hacker from transferring out the remaining $440M dollars on BSC though. It would be interesting to see how they deal with the aftermath of this hack once the BSC chain resumes operations. Personally, I think the scariest part of this hack is that people assume the math and cryptography work flawlessly. The reason we trust decentralization is because we can rely on these impressive cryptographic algorithms. But what if it turns out to be a false promise. If there’s another leap of computational power, our private keys could be broken. Right now we are already seeing smart hackers accessing other people’s wallets or in this case faking proof of deposits. Without any centralized authority to punish bad behavior, crypto users need to shoulder all the risks themselves. I am not sure if most crypto users are aware or ready for that level of risk taking . This is not something most crypto influencers talk about when they try to shill their coins.